Microsoft delivers seven updates in October patch release

Microsoft has released an October security update which includes seven bulletin postings and an update to the way Windows handles security keys.

The company said that the Patch Tuesday release would in all patch 20 different security vulnerabilities, including two which have been rated by the company as 'critical' risks and top deployment priorities.

The lone 'critical' bulletin remedies two security issues in the way Word handles Rich Text Format (RTF) code in documents and email messages. If exploited, the flaws could be used by attackers for remote code execution attacks.

"Only one of the two issues addressed by this bulletin is rated Critical, but in that case, an attacker could run code in the context of the logged- on user if they were to open a specially crafted Rich Text Format (RTF) file or previews or open a specially crafted RTF email message," the company said in a post to its TechnNet security blog.

Other bulletins in the October update address flaws in Office, SharePoint, SQL Server, Lync and Windows. The remaining six bulletins are rated as 'important' and include flaws for remote code execution, denial of service and elevation of privileges.

Microsoft is also issuing the final step in its efforts to improve encryption practices. The company on Tuesday made good on a promise to disable RSA security keys which are less than 1024 bits in length.

Paul Henry, forensics and security analyst with Lumension, said that administrators should have long since equipped themselves for the change over, and those who have not would be well-served to do so immediately.

"This patch has been optional since August and we hope you’ve taken the time to test it and patch it," Henry said.

"It will no longer be optional after today’s patches. Don’t let this be an 'I told you so' moment."